Checking the existing setup

You must confirm that WebSphere® Application Server for z/OS® uses the RACF® local operating system security repository before proceeding. Security is configured when the application server is installed.

Before you begin

Make sure WebSphere Application Server for z/OS is installed to use RACF before you start to change settings through the Integrated Solutions Console.

About this task

When you install WebSphere Application Server for z/OS, you must set a number of options for storing security information. The two most common methods consist of using a federated repository or a local operating system repository, for example, RACF. When WebSphere Application Server for z/OS uses a RACF repository, security access for applications is managed in RACF through the z/OS system administrator (or whomever is in charge of RACF). For more information about RACF commands, refer to the z/OS V1R13.0 Security Server RACF Command Language Reference SA22-7687-16.

Note: With application security, Rule Execution Server applications use EJBROLE role values to determine which users and groups are allowed access and what tasks they can perform. These roles must be defined in RACF. See Creating EJB roles and RACF groups.

Procedure

  1. In the side panel, open Security  > Global security.
  2. If Local operating system is already selected under Current realm definition, make sure Enable application security is selected.

    If you select Enable application security you must click Apply and Save to apply the changes to the master configuration.

    Note: Perform the following steps after your WebSphere Application Server for z/OS administrator has set up this WebSphere Application Server for z/OS instance to use the local operating system security provider.
    1. Click Security Configuration Wizard.
    2. In Step 1, to specify the level of protection, select Enable application security and click Next.
    3. In Step 2, select Local operating system and click Next.
    4. In Step 3, set the name in the Primary administrative user name field and click Next.
    5. In Step 4, review the security configuration summary and click Finish.
    6. Click Save to save the changes to the master configuration.
    7. Restart WebSphere Application Server for z/OS.

      You must log into the Integrated Solutions Console as the primary administrative user.

  3. Check whether the HLQ property has been set.

    If it is not set and you expect it to be, confirm the situation with you system administrator.

    When you use RACF, you can set a high level qualifier (HLQ) at installation time to differentiate between separate installations of WebSphere Application Server for z/OS.

    1. Open Security  > Global security, then click Custom properties.
    2. In the list of properties, check for the HLQ property named com.ibm.security.SAF.profilePrefix and make a note of its value. The SAF profile prefix is used for the ++EJBHLQ++ property. For more information on ++EJBHLQ++ see the HBRINST variables used to configure WebSphere Application Server for Operational Decision Manager for z/OS.
Parent topic: Configuring RACF security
Related information:
z/OS configuration variables